๐ Types & applications of access control methods
Access control methodsโ
RBACโ
Role based access control
This works by restricting system access to only authorised users
It's an approach to implement mandatory access control or discretionary access control
It could be used to allow access to certain folders within a workspace
Prosโ
Allows you to create hierarchies, where managers automatically get all the permissions of their direct report
Consโ
In the event of role explosion, translating user requirements to roles can be complicated
ABACโ
Attribute-based access control
An authorisation model that evaluates attributes or characteristics, rather than roles, to determine access
Prosโ
Administrators have the luxury of choosing from a large set of attributes, which helps them formulate highly specific rules
Consโ
Can be hard to implement, especially in time-constrained situations.
MACโ
Mandatory access control
A method of limiting access to resources based on the sensitivity of the information that the resource contains
Prosโ
High level data protection
Centralised information
Consโ
Careful Setting-Up Process - MAC must be set up with good care otherwise it will make working chaotic.
DACโ
Discretionary access control
Restricting access to objects based on the identity of the subject (the user or the group to which the user belongs)
Prosโ
Easy to maintain